Merge branch 'feature/mqtt_support_esp_ds' into 'master'

esp-mqtt: Add support for Digital Signature (through ESP-TLS) See merge request espressif/esp-mqtt!71
espressif · Aug 18, 2020 · 01594bf · 01594bf
2 parents ae408d9 + 7d8e59d
commit 01594bf
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 0 deletions.
diff --git a/include/mqtt_client.h b/include/mqtt_client.h
@@ -14,6 +14,9 @@
 
 #include "mqtt_config.h"
 #include "esp_event.h"
+#if CONFIG_ESP_TLS_USE_DS_PERIPHERAL
+#include "rsa_sign_alt.h"
+#endif
 
 #ifdef __cplusplus
 extern "C" {
@@ -184,6 +187,7 @@ typedef struct {
     int out_buffer_size;                    /*!< size of MQTT output buffer. If not defined, both output and input buffers have the same size defined as ``buffer_size`` */
     bool skip_cert_common_name_check;       /*!< Skip any validation of server certificate CN field, this reduces the security of TLS and makes the mqtt client susceptible to MITM attacks  */
     bool use_secure_element;                /*!< enable secure element for enabling SSL connection */
+    void *ds_data;                          /*!< carrier of handle for digital signature parameters */
 } esp_mqtt_client_config_t;
 
 /**

diff --git a/include/mqtt_supported_features.h b/include/mqtt_supported_features.h
@@ -53,5 +53,10 @@
 #define MQTT_SUPPORTED_FEATURE_SECURE_ELEMENT
 #endif
 
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 3, 0)
+// Features supported in 4.3
+#define MQTT_SUPPORTED_FEATURE_DIGITAL_SIGNATURE
+#endif
+
 #endif /* ESP_IDF_VERSION */
 #endif // _MQTT_SUPPORTED_FEATURES_H_
diff --git a/mqtt_client.c b/mqtt_client.c
@@ -82,6 +82,7 @@ typedef struct {
     const struct psk_key_hint *psk_hint_key;
     bool skip_cert_common_name_check;
     bool use_secure_element;
+    void *ds_data;
 } mqtt_config_storage_t;
 
 typedef enum {
@@ -222,6 +223,20 @@ static esp_err_t esp_mqtt_set_ssl_transport_properties(esp_transport_list_handle
         goto esp_mqtt_set_transport_failed;
 #endif /* MQTT_SUPPORTED_FEATURE_SECURE_ELEMENT */
     }
+
+    if(cfg->ds_data != NULL) {
+#ifdef MQTT_SUPPORTED_FEATURE_DIGITAL_SIGNATURE
+#ifdef CONFIG_ESP_TLS_USE_DS_PERIPHERAL
+        esp_transport_ssl_set_ds_data(ssl, cfg->ds_data);
+#else
+        ESP_LOGE(TAG, "Digital Signature not enabled for esp-tls in menuconfig");
+        goto esp_mqtt_set_transport_failed;
+#endif /* CONFIG_ESP_TLS_USE_DS_PERIPHERAL */
+#else
+        ESP_LOGE(TAG, "Digital Signature feature is not available in IDF version %s", IDF_VER);
+        goto esp_mqtt_set_transport_failed;
+#endif
+    }
     ESP_OK_CHECK(TAG, esp_mqtt_set_cert_key_data(ssl, MQTT_SSL_DATA_API_CLIENT_CERT, cfg->clientcert_buf, cfg->clientcert_bytes),
                  goto esp_mqtt_set_transport_failed);
     ESP_OK_CHECK(TAG, esp_mqtt_set_cert_key_data(ssl, MQTT_SSL_DATA_API_CLIENT_KEY, cfg->clientkey_buf, cfg->clientkey_bytes),
@@ -473,6 +488,7 @@ esp_err_t esp_mqtt_set_config(esp_mqtt_client_handle_t client, const esp_mqtt_cl
     cfg->psk_hint_key = config->psk_hint_key;
     cfg->skip_cert_common_name_check = config->skip_cert_common_name_check;
     cfg->use_secure_element = config->use_secure_element;
+    cfg->ds_data = config->ds_data;
 
     if (config->clientkey_password && config->clientkey_password_len) {
         cfg->clientkey_password_len = config->clientkey_password_len;